Mixed (up) Security Model

Hi All,
I need to have all clients auto-login to a project, while allowing a few power users (authenticated via AD) to make some changes at runtime. What I’m thinking is I would have everyone auto-login, but then for those that need to make changes, have them click a login button which would prompt them for a username and password that would be authenticated against AD. A “logout” button would then log in the auto-login user. Is that possible, and if so, how? Thanks in advance for any help!

Yes, that is possible using the system.security.switchUser function. Once you auto-login you can call that function with another valid username and password and the client will reload. If you want to log out, just switch it back to the auto-login username and password. There is an example window in our Example project:

inductiveautomation.com/downloads/extras

that you can copy into your project. It basically opens a switch user window allowing the user to enter a username and password. It calls the system.security.switchUser function when the user presses OK. The function will let you know whether or not the username and password are valid.

Thanks Travis. That’s good information. But I think in my mind I’m mixing two authentication profiles - ADHybrid for the “power” users and default for the auto-login. What Authentication Profile do I choose for the project to allow both?

You can choose either the ADHybrid or the default as the authentication profile for the project. Whichever one you select first needs to fail over to the second. So, for example, if you attach the default authentication profile to the project, it will try to use that one first. You can set the default profile to fail over to the ADHybrid profile with a failover mode set to soft. That way it will try the first profile, and if the username and password don’t exist it will try the second profile. In your case the default may only have one username and password, which is used as the auto-login. Hope this helps.

Worked like a charm. Thanks Travis!

How then do you set up security in the designer? I can't see the roles associated with the failover authentication profile... Maybe I need to duplicate the name of each role I want in the failover profile in the primary profile?

Yes, we only show the roles for the primary user source. You should add all of the possible roles in there so you can select from that in the designer.

Thanks Travis, I am still having a small issue that I have posted here, would really appreciate if you could take a look.